This command clears all open UDP ports by DNS.EXE
net stop dns
After restarting the DNS service, DNS.EXE allocates 5000+ ports.
net start dns
It doesn't consume extensive memory or CPU. However, I noticed (and was alarmed by) many http/smtp/pop3 connection problems to the server because of timeouts. I just examined and found tons of open ports by DNS.EXE. Currports displays UDP local ports from 50000 to 56000; local addresses are :: and remote addresses are empty. The last lines of the netstat -a command are below:
UDP [::]:55976 *:*
UDP [::]:55977 *:*
UDP [::]:55978 *:*
UDP [::]:55979 *:*
UDP [::]:55980 *:*
UDP [::]:55981 *:*
UDP [::]:55982 *:*
I didn't notice these ports before, so I don't know for sure whether it is OK or not. What do you think? I did restart the server and the monitoring/alert mails are NOT continuing.
This is a well-known side effect of the hotfix distributed to address MS08-037, since the hotfix is intended to decrease the predictability of ports used for DNS responses.
You can restrict the amount of ports used by defining a lower Socket Pool Size, as described in this article:
Using dnscmd.exe:
dnscmd /Config /SocketPoolSize <value>
where <value> is a number between 0 and 10000

Using regedit.exe:
Start regedit.exe and expand the HKLM hive to SYSTEM\CurrentControlSet\services\DNS\Parameters
Create a DWORD value named SocketPoolSize
Restart the DNS service: net stop dns && net start dns
Be aware that setting the value too low effectively defeats the purpose of MS08-037.
If you're on Windows Server 2008 R2 and just want to make sure that a number of individual UDP endpoints are not used by DNS, you can also specify a list of port ranges to be excluded from use by DNS:
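To confirm that a lowered SocketPoolSize is actually in effect after the service restart, the following PowerShell check (an added example, not code from the answer above; it assumes the DNS Server role is installed and the prompt is elevated) reads the registry value the answer names and counts the UDP endpoints owned by dns.exe:

```powershell
# Added example, not code from the original answer: compare the SocketPoolSize
# configured in the registry (the key named in the answer) with the UDP endpoints
# dns.exe actually holds, so an administrator can confirm that a lowered pool
# size took effect after "net stop dns && net start dns". Assumes a Windows
# Server with the DNS Server role, run from an elevated PowerShell prompt.

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\services\DNS\Parameters'
$props   = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
$configured = if ($null -ne $props -and $null -ne $props.SocketPoolSize) {
    [int]$props.SocketPoolSize
} else {
    'not set (service default)'
}

# dns.exe is the DNS Server service process; stop if the role is not installed.
$dnsPid = (Get-Process -Name dns -ErrorAction Stop).Id

# netstat -ano lists every UDP endpoint with its owning PID; keep only dns.exe's.
$udpRows = netstat -ano | Where-Object { $_ -match '^\s*UDP\s' } | ForEach-Object {
    $f = ($_ -split '\s+') | Where-Object { $_ }   # e.g. UDP, [::]:55976, *:*, 1234
    if ([int]$f[3] -eq $dnsPid) {
        $local = $f[1]
        [pscustomobject]@{
            Family = if ($local.StartsWith('[')) { 'IPv6' } else { 'IPv4' }
            Port   = [int]($local.Substring($local.LastIndexOf(':') + 1))
        }
    }
}

# Summarise per address family: how many sockets and which port range they occupy.
$byFamily = $udpRows | Group-Object Family | ForEach-Object {
    $ports = $_.Group.Port
    [pscustomobject]@{
        Family  = $_.Name
        Sockets = $_.Count
        MinPort = ($ports | Measure-Object -Minimum).Minimum
        MaxPort = ($ports | Measure-Object -Maximum).Maximum
    }
}

"Configured SocketPoolSize : $configured"
"UDP endpoints held by dns.exe (PID $dnsPid): $($udpRows.Count)"
$byFamily | Format-Table -AutoSize

# A total far above the configured value means the new setting is not yet in
# effect: the registry change only applies after the DNS service is restarted.
```

Run it once before and once after the restart to see the socket count drop to the configured pool size.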